Your cooperative’s assets and the threat of cyber attacks

By David Beam

If you use a computer, you are aware of the need to protect your information from damaging viruses or intrusions by "hackers." Government and industry computer systems need security from threats ranging from theft of business secrets to espionage and sabotage of critical infrastructure. Perpetrators can be common thieves, terrorists or even foreign governments. One thing is certain: These threats are becoming more common and sophisticated.

As a member-owner, you can be assured that your cooperative has safeguards and procedures to protect the electricity delivery infrastructure from attack, including "cyber" attacks on computers and telecommunications.

In 2005, Congress passed the Energy Policy Act that contained provisions aimed at protecting the Bulk Power System, also called "the grid," by establishing industry-wide standards and practices to assure electric system reliability and security. Utilities, with oversight from the Federal Energy Regulatory Commission, have established a comprehensive set of standards, including cyber security standards.

North Carolina's electric cooperatives work closely with the North Carolina Electric Membership Corporation (NCEMC) — the power supply organization owned by the 25 cooperatives — to ensure compliance with the standards. Cooperatives are responsible for complying with standards covering every part of the bulk electric system, including generation plants, transmission lines and substations and the sophisticated communications and computer systems which control it.

While the federal government has ultimate authority and enforcement power, it grants considerable control of these standards and practices to utilities themselves, because we have the expertise in this field. We understand the consequences of malicious acts and what's needed to prevent them. NCEMC and member distribution cooperatives follow exacting procedures to ensure compliance with all standards. A full-time compliance coordinator is solely responsible for managing reliability and cyber security standards, and a compliance team of experts is responsible for specific aspects. We also work with specialized contractors to audit and recommend improvements.

The electric industry has deep experience with threats to critical infrastructure. For example, we've restored power after hurricanes and ice storms for decades. Now we focus increasingly on cyber threats as we employ automated systems to generate and deliver electricity.

Contrary to popular belief, a remote hacker cannot easily access the grid's telecommunications systems. Utilities employ layers of defenses and ensure that generation and transmission assets are separate from the telecommunications systems that are visible to the public.

As cooperatives adapt to a more automated "smart" grid, we pay special attention to the cyber security of telecommunications and control systems. We have developed tools that strengthen our security as we continue to improve the efficiency of our distribution systems.

Some measures we've taken are common sense: users change passwords regularly, access to our systems is restricted and logged. Other measures are more involved and costly: NCEMC operates two autonomous, secure networks, one for business systems and one for energy management. No Internet traffic is allowed on the energy management network, and remote access is monitored and controlled. We monitor networks "24-7-365," employ firewalls, and allow no command and control communication for substations. We regularly test our systems, conduct disaster recovery tests, and welcome audits.

Meantime, you can rest assured that your cooperative's critical assets are in good hands.

About the Author

David Beam is NCEMC’s senior vice president for corporate strategy and its corporate compliance officer responsible for regulatory compliance.